matt/stratos
1
0
Fork 0
mirror of https://github.com/matt-fidd/stratos.git synced 2026-01-01 17:59:25 +00:00
Code Issues Projects Releases Wiki Activity

Rewrite PasswordReset constructor to check for token in record

Browse Source
This commit is contained in:
matt
2022-02-14 10:28:16 +00:00
parent 179bd4ce93
commit 53ac018d40
1 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
lib/PasswordReset.js
View File

@@ -11,21 +11,28 @@ class PasswordReset {
nonce;
expires;
constructor(userId) {
constructor(userId, token) {
const sql = `
select
userId,
token,
nonce,
expires,
userId
UNIX_TIMESTAMP(expires) as expires
from passwordReset
where
userId = ?;
userId = ?
and token = ?;
`;
return (async () => {
const conn = await new DatabaseConnectionPool();
const record = await conn.runQuery(sql, [ userId ]);
const record = await conn.runQuery(sql, [
userId,
token
]);
if (!record.length)
throw new Error('No password reset found');
for (const [ k, v ] of Object.entries(record[0]))
this[k] = v;
@@ -85,7 +92,7 @@ class PasswordReset {
expires
]);
return new PasswordReset(u.id);
return new PasswordReset(u.id, token);
}
}